Hackers Target Telegram, WhatsApp Users With Trojanized Apps To Steal Crypto

• ESET discovered malicious copycat Telegram and WhatsApp apps targeting Android and Windows users
• These malicious apps are designed to steal victims‘ cryptocurrencies with clippers, a form of malware that either steals or alters clipboard contents
• The trojanized apps also employ OCR technology to identify text within screenshots saved on the infected devices

Malicious Copycat Telegram and WhatsApp Apps

ESET recently discovered many copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of instant messaging apps, all were designed to steal victims‘ cryptos. These malicious apps are classified as clippers, a form of malware that either steals or alters clipboard contents. They specifically target victims‘ cryptocurrency funds, some even directly focus on their cryptocurrency wallets. This is the first time Android clippers have been found built into instant messaging apps, marking a new frontier for cybercriminals.

Clipper Malware

The primary objective of these clippers is to intercept victims‘ messaging interactions and substitute any transmitted or received cryptocurrency wallet addresses with those controlled by the attackers. This allows cybercriminals to pilfer funds from unwitting users who rely on the trojanized apps for conducting cryptocurrency transactions. In addition to the trojanized WhatsApp and Telegram Android apps, ESET researchers also found malicious Windows versions of the same app bundled with remote access trojans (RATs). These RATs provide attackers with even more control over the victims‘ devices, enabling them to steal sensitive information as well as perform other malicious activities.

Google’s App Defense Alliance

Following ESET’s discovery of the first Android clipper on Google Play, Google enhanced Android security by limiting system-wide clipboard operations for background applications on Android versions 10 and above through their App Defense Alliance. This strengthened security prevents background applications from reading data from the system’s clipboard without explicit user consent.

Protecting Yourself From Clipper Malware

In order to protect yourself against similar attacks in future it is important that you remain vigilant when downloading applications onto your device as there may be hidden malicious code embedded inside them waiting for an opportunity to execute itself in order not just steal your cryptocurrencies but other sensitive information too such as passwords etc., so make sure you always check reviews before downloading anything especially if it looks suspiciously like an existing application like what happened here with these copycat websites. Additionally it would be helpful if you enable two factor authentication (2FA) where ever possible in order protect your accounts from being compromised further down the line if one of your passwords does become exposed due this type attack or another kind altogether .


It is clear that hackers are continually developing new ways to target unsuspecting people who use social media platforms such as those provided by Telegram and Whatsapp . As such it is important that individuals take measures such keeping an eye out for suspicious activity , using 2FA whenever possible , and double checking reviews before downloading any applications in order protect themselves against these types attacks in future .

Comments are closed.